This folder contains a script for configuring and running Nomad on an AWS server. This
script has been tested on the following operating systems:
Ubuntu 16.04
Ubuntu 18.04
Amazon Linux 2
There is a good chance it will work on other flavors of Debian, CentOS, and RHEL as well.
Quick start
This script assumes you installed it, plus all of its dependencies (including Nomad itself), using the install-nomad
module. The default install path is /opt/nomad/bin, so to start Nomad in server mode, you
run:
/opt/nomad/bin/run-nomad --server --num-servers 3
To start Nomad in client mode, you run:
/opt/nomad/bin/run-nomad --client
This will:
Generate a Nomad configuration file called default.hcl in the Nomad config dir (default: /opt/nomad/config).
See Nomad configuration for details on what this configuration file will contain and how
to override it with your own configuration.
Generate a systemd configuration file called nomad.service in the systemd
config dir (default: /etc/supervisor/conf.d) with a command that will run Nomad: nomad agent -config=/opt/nomad/config -data-dir=/opt/nomad/data.
Tell systemd to load the new configuration file, thereby starting Nomad.
We recommend using the run-nomad command as part of User
Data, so that it executes
when the EC2 Instance is first booting. If you are running Consul on the same server, make sure to use this script
after Consul has booted. After running run-nomad on that initial boot, the systemd configuration
will automatically restart Nomad if it crashes or the EC2 instance reboots.
Note that systemd logs to its own journal by default. To view the Nomad logs, run journalctl -u nomad.service. To change
the log output location, you can specify the StandardOutput and StandardError options by using the --systemd-stdout and --systemd-stderr
options. See the systemd.exec man pages for available
options, but note that the file:path option requires systemd version >= 236, which is not provided
in the base Ubuntu 16.04 and Amazon Linux 2 images.
See the nomad-consul-colocated-cluster example and
nomad-consul-separate-cluster example (https://github.com/hashicorp/terraform-aws-nomad/tree/master/examples/nomad-consul-separate-cluster) for fully-working sample code.
Command line Arguments
The run-nomad script accepts the following arguments:
server (optional): If set, run in server mode. At least one of --server or --client must be set.
client (optional): If set, run in client mode. At least one of --server or --client must be set.
num-servers (optional): The number of servers to expect in the Nomad cluster. Required if --server is set.
config-dir (optional): The path to the Nomad config folder. Default is to take the absolute path of ../config,
relative to the run-nomad script itself.
data-dir (optional): The path to the Nomad data folder. Default is to take the absolute path of ../data,
relative to the run-nomad script itself.
systemd-stdout (optional): The StandardOutput option of the systemd unit. If not specified, it will use systemd's default (journal).
systemd-stderr (optional): The StandardError option of the systemd unit. If not specified, it will use systemd's default (inherit).
user (optional): The user to run Nomad as. Default is to use the owner of config-dir.
use-sudo (optional): Nomad clients make use of operating system primitives for resource isolation that require
elevated (root) permissions (see the
docs for more info). If you set this flag, Nomad
will run with root-level privileges. If you don't, it'll still work, but certain task drivers will not be available.
By default, this flag is enabled if --client is set and disabled if --server is set (server nodes don't need
root-level privileges).
skip-nomad-config: If this flag is set, don't generate a Nomad configuration file. This is useful if you have
a custom configuration file and don't want to use any of the default settings from run-nomad.
Example:
/opt/nomad/bin/run-nomad --server --num-servers 3
Nomad configuration
run-nomad generates a configuration file for Nomad called default.hcl that tries to figure out reasonable
defaults for a Nomad cluster in AWS. Check out the Nomad Configuration Files
documentation for what configuration settings are
available.
Default configuration
run-nomad sets the following configuration values by default:
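advertise: All the advertise addresses
are set to the Instance's private IP address, as fetched from Metadata.
bind_addr: Set to 0.0.0.0.
client: This config is only set if --client is set.
  enabled: true.
consul: By default, set the Consul address to 127.0.0.1:8500, with the assumption that the Consul agent is running on the same server.
datacenter: Set to the current availability zone, as fetched from Metadata.
name: Set to the instance id, as fetched from Metadata.
region: Set to the current AWS region, as fetched from Metadata.
server: This config is only set if --server is set.
  enabled: true.
  bootstrap_expect: Set to the --num-servers parameter.
Overriding the configuration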
To override the default configuration, simply put your own configuration file in the Nomad config folder (default:
/opt/nomad/config), but with a name that comes later in the alphabet than default.hcl (e.g.
my-custom-config.hcl). Nomad will load all the .hcl configuration files in the config dir and
merge them together in alphabetical
order, so that settings in
files that come later in the alphabet will override the earlier ones.
For example, to override the default name setting, you could create a file called tags.hcl with the
contents:
name = "my-custom-name"
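If you want to override all the default settings, you can tell run-nomad not to generate a default config file
at all using the --skip-nomad-config flag:
/opt/nomad/bin/run-nomad --server --num-servers 3 --skip-nomad-config
How do you handle encryption?
Nomad can encrypt all of its network traffic (see the encryption docs for
details), but by default, encryption is not enabled in this
Module. To enable encryption, you need to do the following:
1. Gossip encryption: provide an encryption key
2. RPC encryption: provide TLS certificates
3. Consul encryption
Gossip encryption: provide an encryption key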
To enable Gossip encryption, you need to provide a 16-byte, Base64-encoded encryption key, which you can generate using
the nomad keygen command. You can put the key in a Nomad
configuration file (e.g. encryption.hcl) in the Nomad config dir (default location: /opt/nomad/config):
server {
  encrypt = "cg8StVXbQJ0gPvMd9o7yrg=="
}
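The gossip key step above, as an added POSIX shell example that is not part of run-nomad or this module: it checks that a key has the 16-byte Base64 shape, refuses the sample key printed in this README, writes encryption.hcl readable only by its owner, and audits an existing file. The function names and return codes are hypothetical; the key itself is assumed to come from nomad keygen as described above.

```shell
#!/bin/sh
# Added example, not part of run-nomad. Run it as the user that owns the Nomad
# config dir, so the agent can still read the 0600 file it produces.

# The key printed in this README is public, so it gives no gossip secrecy.
README_SAMPLE_KEY="cg8StVXbQJ0gPvMd9o7yrg=="

# validate_gossip_key KEY
# Returns 0 if KEY is usable, 1 if it is not a 16-byte Base64 value,
# 2 if it is the README sample key.
validate_gossip_key() {
  # 16 bytes always encode to 24 characters: 22 Base64 characters, then "==".
  if [ "${#1}" -ne 24 ] ||
     ! printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[A-Za-z0-9+/]{22}==$'; then
    echo "gossip key is not a 16-byte Base64 value" >&2
    return 1
  fi
  if [ "$1" = "$README_SAMPLE_KEY" ]; then
    echo "gossip key is the published README sample; generate a new one" >&2
    return 2
  fi
  return 0
}

# write_gossip_config KEY CONFIG_DIR
# Writes CONFIG_DIR/encryption.hcl containing the server { encrypt } stanza.
write_gossip_config() {
  validate_gossip_key "$1" || return $?
  # mktemp creates the file with mode 0600, so the key is never readable by
  # group or others, even briefly; mv then replaces encryption.hcl atomically.
  _tmp=$(mktemp "$2/.encryption.hcl.XXXXXX") || return 1
  if ! printf 'server {\n  encrypt = "%s"\n}\n' "$1" > "$_tmp"; then
    rm -f "$_tmp"
    return 1
  fi
  mv -f "$_tmp" "$2/encryption.hcl"
}

# audit_gossip_config FILE
# Returns 0 if FILE holds a usable key and is private to its owner, the
# validate_gossip_key status (1 or 2) for a bad key, 3 for loose permissions.
audit_gossip_config() {
  [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
  _key=$(sed -n 's/^[[:space:]]*encrypt[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1)
  validate_gossip_key "$_key" || return $?
  # Accept only owner read (and optionally write); nothing for group or others.
  case "$(ls -ld "$1")" in
    -r[w-]-------*) return 0 ;;
    *) echo "$1 is accessible to group or others" >&2; return 3 ;;
  esac
}

# Usage: sh this-file KEY CONFIG_DIR
if [ "$#" -eq 2 ]; then
  write_gossip_config "$1" "$2" && audit_gossip_config "$2/encryption.hcl"
fi
```

Running audit_gossip_config against /opt/nomad/config/encryption.hcl on an existing server catches both a copied sample key and a key file left world-readable.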
RPC encryption: provide TLS certificates
To enable RPC encryption, you need to provide the paths to the CA and signing keys (here is a tutorial on generating
these keys). You can specify
these paths in a Nomad configuration file (e.g. encryption.hcl) in the Nomad config dir (default location:
/opt/nomad/config):
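tls {
  # Enable encryption on incoming HTTP and RPC endpoints
  http = true
  rpc  = true

  # Verify server hostname for outgoing TLS connections
  verify_server_hostname = true

  # Specify the CA and signing key paths
  ca_file   = "/opt/nomad/tls/certs/ca-bundle.crt"
  cert_file = "/opt/nomad/tls/certs/my.crt"
  key_file  = "/opt/nomad/tls/private/my.key"
}
Consul encryption
Note that Nomad relies on Consul, and enabling encryption for Consul requires a separate process. Check out the
official Consul encryption docs and the Consul AWS Module How do you handle encryption docs
for more info.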